Policy on Protection of Personal data
- Basic Policy Concerning Data Security and the Protection of Personal data of Grand Nikko Tokyo Daiba. (Grand Nikko Tokyo Co., Ltd., hereinafter referred to as “GNTD”)
- Reservation Records Processing
- Processing of Personal Data other than Reservation Records
- Processing of One Harmony Membership Data
- Form for asserting data subject’s rights (including disclosure, etc. request of retained personal data) Download Page (PDF)
Basic Policy Concerning Data Security and the Protection of Personal Data of Grand Nikko Tokyo Daiba (Grand Nikko Tokyo Co., Ltd. hereinafter referred to as “GNTD”)
Given the importance of data security and the protection of personal data in the advanced information and communications society, GNTD shall endeavor to appropriately manage and protect data in its possession in accordance with the policy stated hereunder.
1. Compliance with Laws and Regulations of Japan
GNTD shall comply with policies, guidelines, and any other rule prescribed in Japanese laws and regulations and by administrative organs.
2. Establishment of a Management System
A management system shall be established within GNTD and the division of responsibilities shall be clarified.
3. Compliance with Internal Policies, Rules, Guidelines, etc.
GNTD shall formulate and comply with internal policies, rules, guidelines, and any other internal documentation which prescribes rules.
4. Implementation of Safety Measures
GNTD shall implement safety measures, and take preventative measures against unauthorized access to data, and the loss, damage, falsification, leaks or any other data breach.
5. Implementation of Training and Educational Activities
GNTD shall promote training and educational activities for employees with an aim to enhance their knowledge and awareness of data management so that data is managed appropriately.
6. Coordination with Subcontractors
If work relating to data management is subcontracted to other companies, then GNTD shall select a party with adequate experience and capabilities, shall prescribe matters concerning the duty of confidentiality in relevant agreements and shall ensure that data is managed appropriately.
7. Operational Improvement Initiatives
GNTD shall regularly check whether data is appropriately managed and shall continuously exercise initiatives to improve operations.
8. Measures Upon Occurrence of Accidents
If accidents occur, GNTD shall minimize damage and swiftly publish necessary data, and take appropriate measures, including measures to prevent recurrence thereof.
9. Clarification of Inquiries Desk
GNTD shall establish an inquiry desk in order to respond swiftly in good faith, to inquiries, complaints and requests from customers.
10. Publication of this Policy
GNTD shall widely publish policies concerning data security and the protection of personal data, including this Policy by posting it on its website, etc.
Revised on July 16, 2019
Reservation Records Processing
Grand Nikko Tokyo Daiba (hereinafter referred to as “GNTD”) shall process reservation records as stated hereunder.
1. Management of Personal data
GNTD shall, with a recognition of the importance of customers’ personal data submitted by customers, strictly manage such data using computers, etc., paying close attention to the processing thereof.
2. Shared Use
GNTD shall jointly use the reservation records of customers in order to provide services closely related to travel, including hotel or air travel., publicize products and campaigns, and conduct work associated thereto.
Categories of the jointly utilized personal data: customers’ name, telephone number, address, email address, age, gender, place of employment, type of airline mileage program (aka FFP), FFP membership number, FFP tier, name of hotel at which the customer will stay, dates of stay, package plan, applicable rate, arrival time, specific requests, credit card number to guarantee reservations.
Scope of a jointly utilizing person: GNTD, Okura Nikko Hotel Management Co., Ltd. (hereinafter referred to as “ONHM”), member hotels of Okura Hotels & Resorts, Nikko Hotels International and Hotel JAL City chain operated by ONHM, group hotels in alliance with ONHM, Hotel Okura Co., Ltd., Hotel Okura Group companies (*1), JAL Group Airlines (*2), and JAL Card Inc.
* 1 Hotel Okura Group companies are Hotel Okura Enterprise Co., Ltd., Hotel Okura Space Solutions Co., Ltd. and Continental Foods Co., Ltd..
* 2 JAL Group Airlines are Japan Airlines Co., Ltd., Japan Transocean Air Co., Ltd., J-AIR Co., Ltd., Japan Air Commuter Co., Ltd., Ryukyu Air Commuter Co., Ltd. and Hokkaido Air System Co., Ltd.
3. Provision of Reservation Records to Travel Agents
GNTD shall provide the above data provided for in the above item 2 to travel agents if an inquiry is made based on a reservation number provided to the travel agent by a customer.
4. Provision to Third Parties
Except for the abovementioned, GNTD shall not provide or disclose reservation records and data to third parties unless customers have given their consent or unless required to comply with a legal obligation.
5. Confirming Reservations
GNTD shall issue a reservation confirmation concerning reservations accepted by our hotel following the finalization of a reservation by mail, fax or email, etc. to the address, telephone number, fax number or email address specified by customers. Furthermore, please note that when making reservations via our website, an email message confirming the reservation will be sent to the email address provided by the customer.
6. Inquiries Related to Reservation Record
GNTD shall accept inquiries, related to reservation records from customers as follows and shall respond in a swift and appropriate manner within reasonable bounds.Grand Nikko Tokyo Daiba
(9:30 - 18:00JST, excluding year-end and New Year holiday period)
7. Inquiries Related to Other Reservations
Inquiries related to reservation records from customers who have not made reservations with Grand Niko Tokyo Daiba or the Okura Nikko Hotels Reservation Center should be made directly to the hotel, facility or travel agent. that processed the reservation.
Revised on July 16, 2019
Processing of Personal Data other than Reservation Records
In addition to personal data in reservation records, Grand Nikko Tokyo Daiba. (hereinafter referred to as “GNTD”) shall process such personal data as received directly from customers or obtained from travel agents and companies which have contractual relations with GNTD in the following manners.
1. Management of Personal data
GNTD shall, with a recognition of the importance of customers’ personal data submitted by customers, strictly manage such data using computers, paying close attention to the processing thereof.
2. Purpose of Use of Personal data
Personal data provided shall be used within the scope necessary to achieve the following purposes.
To provide appropriate services to satisfy preference and request of customers, based on past usage data at GNTD, Okura Nikko Hotel Management Co., Ltd. (hereinafter referred to as “ONHM”), member hotels of Okura Hotels & Resorts, Nikko Hotels International and Hotel JAL City chain operated by ONHM (hereinafter referred to as “ONHM Member Hotels”).
To provide details regarding information of GNTD.
To provide details regarding accommodations, wedding services, food and beverage services, health club services, original products, and cultural projects of GNTD.
To analyze responses to questionnaires to improve services and for marketing purposes at GNTD, ONHM Member Hotels and ONHM Alliance Hotels.
To conduct marketing activities for GNTD and ONHM.
If customers have agreed in cases other than the above, and when GNTD deem it necessary to contact customers.
3. Provision of Personal data to third Parties
Personal data shall not be provided or disclosed to third parties except when falling under any of the following cases.
To be shared by ONHM Member Hotels, ONHM Alliance Hotels, Hotel Okura Co., Ltd., and Hotel Okura Group Companies(*1).
To be shared with contractors who have entered into agreements that prohibit use of personal data for any purposes other than the specific work outsourced by GNTD.
When customers have given consent in advance.
When required in accordance with laws and regulations.
(*1) Hotel Okura Group companies are Hotel Okura Enterprise Co., Ltd., Hotel Okura Space Solutions Co., Ltd. and Continental Foods Co., Ltd..
4. Inquiries Related to Personal data
Customers’ Inquiries related to their own registered personal data shall be dealt with in a reasonably prompt manner upon personal inquiry by a customer.Grand Nikko Tokyo Daiba
+81-3-5500-6711(9:30 - 18:00JST, excluding year-end and New Year holiday period)
Revised on July 16, 2019
Processing of One Harmony Membership Personal Data
Please refer below site regarding processing of One Harmony Membership personal Data.
SSL (Secure Sockets Layer) refers to the protocol for encrypting and transmitting data over the internet. SSL is a security function that aims to protect important data such as personal data transferred over the Internet from theft, falsification and spoofing by third parties. On the website operated by Okura Nikko Hotel Management Co., Ltd. (hereinafter referred to as “ONHM”) the accommodation reservation page for inserting personal data is an SSL secure page. (Certain pages allow users to select non-SSL communication.)
1. Importance of SSL
The encryption of protocols currently used on the internet is not regulated and thus third parties are able to insert line monitors, PCs, etc. into lines to view data that crisscrosses the internet. The Internet is a network made up of interconnecting websites and a number of relay sites exist between access points and users, making it difficult to grasp whether a site is safe. For this reason, ONHM website prevents eavesdropping, etc. by third parties by utilizing secure communication using SSL when transmitting important data, especially personal data, etc. over the Internet.
2. SSL Structure
SSL first conducts electronic authentication between GNTD and customers prior to customers’ sending personal data (digital certificates and digital signatures), and transmits data after conducting cross certification. In doing so, exchanges between GNTD and customers are disturbed by random digits, and false transmissions to third parties posing as customers who attempt to steal data are prevented. Furthermore, data transmitted using SSL is encrypted using a method which combines two types of encryption methods; public key encryption (RSA) and symmetric key encryption (private key cryptography). An electronic “key” is required to decipher this data. Even if data is intercepted by third parties, it is impossible to decrypt encrypted data without the correct key. Although the number of available keys is finite, it is extremely difficult for third parties to decrypt data as it requires an unrealistically long time, even if work is conducted computationally using a computer, etc., to find the right key by testing all keys in turn.
3. SSL Enabled Browsers
A special configuration is not necessary in order to use SSL. SSL functions automatically when using SSL enabled browsers such as Internet Explorer, Firefox, etc. in their default configuration. It may not be possible to access SSL secure pages or enter data when using browsers that do not support SSL.
* It may not be possible to transmit data using SSL due to FireWall configurations if the customer is connected to the internet via a FireWall on an internal LAN such as a LAN within a company.
4. Data Protection
The website operated by GNTD uses SSL (Secure Sockets Layer) encryption technology on the pages in which personal data is inserted as a safety measure when gathering customers’ personal data. As a result, it encrypts data traveling across the internet and prevents data leaks.
This document is posted only for the purpose of providing data to customers. It does not intend to recommend, request, or demand the use or otherwise of any specific software products.
Revised on July 16, 2019
Form for asserting data subject’s rights (including disclosure, etc. request of retained personal data) Download Page (PDF))
Revised on July 16, 2019
Significant modifications to this Policy shall be announced on this website. Please check the website on a constant basis for up-to-date data on other minor modifications. Please note that GNTD shall assume no responsibility whatsoever for trouble resulting from failure to make such checks.
Please refer to the following for processing of Personal data of customers in the European Economic Area (hereinafter referred to as “EEA”) based on the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”).
Processing of Personal data of EEA residents
This clause shall apply to the processing of personal data of person residing and/or located in the European Economic Area based on the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL N°2016/679 on the protection of natural persons with regarding to the processing of personal data and on the free movement of such data.
The personal data that Grand Nikko Tokyo Daiba (hereinafter referred to as “GNTD”, “we”, “our” or “us”) collects and processes are the one already listed.
Your personal data shall be collected as follows:
- via our Web site ;
- though orders placed ;
- or when you provide it to us voluntarily, especially for our loyalty program, One Harmony.
1. Legal basis for processing:
We will process and use personal data and other data to manage our contractual relationship with you.
We will process and use personal data because we have a legitimate interest to do so, including but not limited to the following purposes:
- Administration of your account and providing of our services to you, for example, it will be necessary for us to use your personal data to complete a booking you have made with us, we will need to use data such as your contact details and payment data to provide you with the stay and/or restaurant booking you have requested and paid for,
- responding to inquiries of customers,
- giving notices about promotional plans and questionnaires including those of the partner companies,
- Improving of our services and developing of new ones,
We will process and use personal data and other data to comply with a legal obligation, including but not limited to the following examples:
- to prevent, detect and fight fraud or other illegal or unauthorized activities,
- to ensure legal compliance to comply with legal requirements, to assist law enforcement or to enforce or exercise our rights, for example our Terms and Conditions,
Alternatively, we may collect and use your personal data where you have given your specific consent to us doing so.
If the basis of our processing your data is consent, you can withdraw your consent to such processing at any time, including by amending your profile online or emailing email@example.com.
However, if you withdraw this consent, in some circumstances, we then cease to process your personal data without jeopardizing any previous operations to which you have consented.
2. Transfer of your personal data:
Your personal data shall be transferred to and stored by ONHM and our service providers in countries outside the country in which you are located and outside the European Economic Area. We operate businesses in multiple jurisdictions, some of which are not located in the European Economic Area (EEA), such as Japan, China and USA. While countries outside the EEA do not always have strong data protection laws, we require all service providers to process your data in a secure manner and in accordance with Japanese and EU legislation on data protection. We organize personal data transfer from the European Union, the European Economic Area and / or their Member States, Switzerland and the United Kingdom to countries which do not provide a satisfactory level of protection of personal data through Standard Contractual Clauses.
3. Retention of Your Personal Data:
We will keep your data for as long as we need it for the purpose it is being processed for. For example, where you book a stay with us we will keep the data related to your booking, so we can fulfil the specific travel arrangements you have made and after that, we will keep the data for a period which enables us to process or respond to any complaints, queries or concerns relating to the booking. The data shall also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you. We will actively review the data we hold and delete it securely, or anonymize it, when there is no longer a legal, business or customer need for it to be retained.
4. Your Data Protection Rights
Under certain circumstances, by law you have the right to:
- be informed: You hereby acknowledge that this policy informs you of the purposes, legal frameworks, interests, recipients or categories of recipients with which your personal data are shared. You also have the possibility to directly manage the deletion and portability of your personal data through a module made available directly in your personal account.
- Request data about whether we hold personal data about you, and, if so, what that data is and why we are holding/using it. If We do not take action on the request of the data subject, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing. Nevertheless, the exercise of this right is not possible when the conservation of your personal data is required under the laws or regulations, in order for example to acknowledge, exercise or defend your rights in Court.
- Data processing limitation: You are entitled to oppose the processing of your personal data when the processing is based on the legitimate interests of the controller.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal data or profiling of you.
- Request transfer of your personal data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Such right can be specifically exercised as regards the following data:
◦ only your personal data, which excludes personal data made anonymous or data that do not apply to you;
◦ personal data provided by yourself;
◦ personal data which do not infringe the rights and freedoms of third parties such as those protected by business secrecy.
- This right is limited to processing based on consent or a contract as well as the personal data that you have personally generated.
- Withdraw consent. In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to.
- Right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority of the Member State where the controller has its main establishment.
- How to exercise your rights: All the rights listed above can be exercised at the following email address firstname.lastname@example.org including a copy of an identity document sent to the attention of Data Protection Officer..
If processing is carried out on behalf of us by other people or companies, we shall select only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR. The processor shall not engage another processor without prior written authorization of us. The processing shall be governed by a contract that is binding on the processor with regard to us.
Grand Nikko Tokyo Daiba as named as representative in the EU the company Hotel Okura Amsterdam B.V.
Revised on July 16, 2019